VexSolver

Vercel BotID ACTIVE

x-is-human + KP_UIDz session minter for any Vercel BotID-protected site.

Overview

Vercel BotID is a two-tier protection: a Basic tier that ships an obfuscated c.js emitting an encrypted x-is-human JWE, and a Deeptier that wraps a Kasada KPSDK runtime under the deployment's UUID-proxied path. VexSolver handles both:

  1. Detects the BotID UUID base on your target (or you provide it directly)
  2. Runs the Kasada Deep solve in pure Go (no goja, no Node) — mints a fresh KP_UIDz with cr=true
  3. Fetches c.js with the freshly-minted Kasada session
  4. Extracts the per-fetch PBKDF2 key and per-rotation S constant in pure Go
  5. AES-GCM-256 encrypts a clean signal payload → x-is-human
  6. Returns the full token bundle ready for replay

What you get back

All values are returned in cookie_map. Set them on your real request:

  • x-is-human — HEADER, JSON-stringified {b,v,e,s,d,vr}
  • x-kpsdk-ct — HEADER, 175-char Kasada token (cr=true)
  • x-kpsdk-cd — HEADER, PoW result JSON
  • x-kpsdk-h — HEADER, HMAC fingerprint
  • x-kpsdk-v — HEADER, version (j-1.2.381 for BotID)
  • KP_UIDz, KP_UIDz-ssn — COOKIES, Kasada session
  • x-method, x-path — you set these to your real method + path

Input options

Pass any one of these (from highest priority):

  • base_url — full UUID-proxied path (fastest, no auto-discovery)
  • pjs_url — direct Kasada p.js URL
  • cjs_url — direct BotID c.js URL
  • url — the page URL (we'll auto-discover)

Step 1 — Submit (target URL)

curl -X POST https://api.vexsolver.com/api/solve \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url":"https://v0.app/chat"}'

# → { "taskId": "..." }

Step 1 — Submit (direct p.js or c.js URL)

curl -X POST https://api.vexsolver.com/api/solve \
  -H "X-API-Key: sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "vendor": "vercel_botid",
    "pjs_url": "https://v0.app/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js"
  }'

Step 2 — Poll

curl -G "https://api.vexsolver.com/api/getTaskResult" \
  -H "X-API-Key: sk_live_..." \
  --data-urlencode "taskId=<taskId>"

Poll result

{
  "success": true,
  "vendor": "vercel_botid",
  "source": "botid_solver",
  "target": "https://v0.app/chat",
  "elapsed_ms": 3071,
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36",
  "cookies": "KP_UIDz-ssn=0en20...; KP_UIDz=0en20...",
  "cookie_map": {
    "KP_UIDz":     "0en20pPWJT0LSrs74CN54MbMGy88xYut...",
    "KP_UIDz-ssn": "0en20pPWJT0LSrs74CN54MbMGy88xYut...",
    "x-is-human":  "{\"b\":0,\"v\":0.079,\"e\":\"eyJhbGc...\",\"s\":\"Qd0z...\",\"d\":1,\"vr\":\"3\"}",
    "x-kpsdk-ct":  "0en20pPWJT0LSrs74CN54MbMGy88xYut...",
    "x-kpsdk-cd":  "{\"workTime\":1777211296418,\"id\":\"a48d...\",\"answers\":[15,14],\"d\":875,...}",
    "x-kpsdk-h":   "01LAYcQHBsrRxyq9ja+CNVxPZlQ9g=",
    "x-kpsdk-v":   "j-1.2.381"
  }
}

How to replay

# 1. Submit + poll (see above) and capture the result into $RESULT.

UA=$(echo "$RESULT"      | jq -r '.user_agent')
XIH=$(echo "$RESULT"     | jq -r '.cookie_map["x-is-human"]')
XKCT=$(echo "$RESULT"    | jq -r '.cookie_map["x-kpsdk-ct"]')
XKCD=$(echo "$RESULT"    | jq -r '.cookie_map["x-kpsdk-cd"]')
XKH=$(echo "$RESULT"     | jq -r '.cookie_map["x-kpsdk-h"]')
XKV=$(echo "$RESULT"     | jq -r '.cookie_map["x-kpsdk-v"]')
COOKIES=$(echo "$RESULT" | jq -r '.cookies')

# 2. Replay your protected POST with the headers + cookies set
curl -X POST https://v0.app/chat/api/chat \
  -H "User-Agent: $UA" \
  -H "Cookie: $COOKIES" \
  -H "x-is-human: $XIH" \
  -H "x-kpsdk-ct: $XKCT" \
  -H "x-kpsdk-cd: $XKCD" \
  -H "x-kpsdk-h: $XKH" \
  -H "x-kpsdk-v: $XKV" \
  -H "x-method: POST" \
  -H "x-path: /chat/api/chat" \
  -H "Content-Type: application/json" \
  -d '<your real payload>'

Node.js example (submit + poll)

const API = "https://api.vexsolver.com";
const KEY = "sk_live_...";

const submit = await fetch(`${API}/api/solve`, {
  method: "POST",
  headers: { "X-API-Key": KEY, "Content-Type": "application/json" },
  body: JSON.stringify({ url: "https://v0.app/chat" }),
});
const { taskId } = await submit.json();

let result;
for (let i = 0; i < 60; i++) {
  await new Promise(r => setTimeout(r, 2000));
  const r = await fetch(`${API}/api/getTaskResult?taskId=${taskId}`, {
    headers: { "X-API-Key": KEY },
  });
  result = await r.json();
  if (result.status !== "pending") break;
}
if (!result.success) throw new Error("solve failed");

const { cookies, cookie_map, user_agent } = result;
const reply = await fetch("https://v0.app/chat/api/chat", {
  method: "POST",
  headers: {
    "User-Agent":   user_agent,
    "Cookie":       cookies,
    "x-is-human":   cookie_map["x-is-human"],
    "x-kpsdk-ct":   cookie_map["x-kpsdk-ct"],
    "x-kpsdk-cd":   cookie_map["x-kpsdk-cd"],
    "x-kpsdk-h":    cookie_map["x-kpsdk-h"],
    "x-kpsdk-v":    cookie_map["x-kpsdk-v"],
    "x-method":     "POST",
    "x-path":       "/chat/api/chat",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ /* your payload */ }),
});
What's covered
Vercel BotID Basic + Deep (Kasada KPSDK) tiers. Both tiers solved in pure Go — no goja, no Node, no browser at solve time. Verified live on v0.app(Vercel's flagship AI), vercel.com, chat.vercel.ai and other production deployments.

Typical performance

  • Direct base/pjs/cjs URL: 2.0–2.7 seconds (skips auto-discovery)
  • Target URL only: 2.4–3.5 seconds (one extra GET to find UUID)
  • 5/5 success rate on standard production deployments
  • Every solve is real-time — tokens are unique per call, no caching

Pricing

1 credit per successful solve. Failed solves are refunded automatically.